GitHub API: get code scanning alert details (e.g. file path)


I’d like to get all code scanning results (code scanning alerts) - stuff visible under the USER/REPO/security/code-scanning/ID GitHub URL. This includes Tool, Rule ID, but also Location (file path, line number).

I tried using the code scanning API, for example Get a code scanning alert, but it does not return all details, for example Location is not returned.

Is it possible?

I guess it should be possible to upload the SARIF file as an artifact and then download it with the API, but I’d prefer an easier way.


Hi @pkruk2, does this changelog announcement from today 2021-02-16-improved-code-scanning-api/ help close some of the gaps to what you are looking for?

It mentions - When exporting alerts, the API now includes additional metadata to assist in offline analysis including alert’s location in the code, title, description, and full help text.

Thanks @byrneh

It’s a huge improvement. It looks like now the code-scanning/alerts API contains additional information like Location. I will make sure later if that’s all I need.

I also tried using the code-scanning/analyses/{analysis_id} with the application/sarif+json header to download SARIF data. But it looks like the data is not complete, for example there is no Rule ID. Do you know if this is intended?
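Pulling the fields discussed in this thread (Tool, Rule ID, Location) out of the code-scanning/alerts response, as an added example that is not part of the original posts. It assumes the response layout in GitHub's REST documentation (`rule.id`, `tool.name`, `most_recent_instance.location.path` and `start_line`); the sample alerts are constructed, and `flatten_alert` and `fetch_alerts` are hypothetical helper names.

```python
import json
import urllib.request

# Constructed sample of a code-scanning/alerts response (not real data).
SAMPLE_ALERTS = [
    {"number": 4, "state": "open",
     "rule": {"id": "js/zipslip", "severity": "error"},
     "tool": {"name": "CodeQL", "version": "2.4.0"},
     "most_recent_instance": {"ref": "refs/heads/main", "location": {
         "path": "src/unzip.js", "start_line": 917, "end_line": 917,
         "start_column": 7, "end_column": 18}}},
    # Alert without location data, as in the response described in the first post.
    {"number": 3, "state": "dismissed",
     "rule": {"id": "js/unsafe-deserialization", "severity": "warning"},
     "tool": {"name": "CodeQL", "version": "2.4.0"}},
]


def flatten_alert(alert):
    """Reduce one alert object to the fields shown on the alert page."""
    instance = alert.get("most_recent_instance") or {}
    loc = instance.get("location") or {}
    return {
        "number": alert.get("number"),
        "state": alert.get("state"),
        "tool": (alert.get("tool") or {}).get("name"),
        "rule_id": (alert.get("rule") or {}).get("id"),
        "path": loc.get("path"),            # None when no location is returned
        "start_line": loc.get("start_line"),
    }


def fetch_alerts(owner, repo, token, per_page=100):
    """Yield every alert of a repository, requesting pages until one is empty."""
    page = 1
    while True:
        url = (f"https://api.github.com/repos/{owner}/{repo}"
               f"/code-scanning/alerts?per_page={per_page}&page={page}")
        req = urllib.request.Request(url, headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req) as resp:
            batch = json.load(resp)
        if not batch:
            return
        yield from batch
        page += 1
```

Against a live repository, `[flatten_alert(a) for a in fetch_alerts(owner, repo, token)]` gives one row per alert; the token needs read access to the repository's security events.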